CrowdStrike is the leader in cloud-delivered next-generation endpoint protection, threat intelligence, and pre- and post-incident response services. With the ability to collect and process over 100 billion events a day, CrowdStrike has revolutionized endpoint protection by being the first and only company to unify next-generation antivirus (AV), endpoint detection and response (EDR), and a 24/7 managed hunting service — all delivered via a single lightweight agent. We are one of the World's Most 50 Innovative Companies according to MIT, and one of Forbes Most Promising Companies. Our growth and innovation are driven by incredible employees who deliver unmatched customer success.
We have received a number of exciting awards including:
- October 2018: 100 Best Medium Workplaces Second Year in a Row by Fortune magazine.
- June 2018: Closed over $200 million, led by General Atlantic, Accel and IVP, with participation from March Capital and CapitalG (Google), achieving a valuation of more than $3 billion.
- April 2018: CrowdStrike Wins SC Award for Best Security Company Second Year in a Row.
About the Role
As the Senior Red Team consultant, you will execute penetration testing and security assessments across customer networks. Your motivation, self-starter attitude and deep understanding of technology and adversary attacks will be critical to your success in assessing security posture of our clients.
You’ll work alongside respected industry professionals, learning about and using the latest tools and techniques to identify and overcome some of the most relevant and pressing security issues in the world. It’s a highly specialized area, where you’ll learn highly sought after technical skills, all while developing your technical and problem solving skills – often by working directly on-site with our clients.
This is not a vulnerability scanning or assessment role. We are looking for motivated consultants who want to conduct real world adversary attacks against the largest companies in the world. Are you up to the challenge?
- Perform adversary based penetration testing, web and mobile application testing, wireless network assessments, and social-engineering assessments
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel
- Recognize and safely utilize attacker tools, tactics, and procedures
- Develop scripts, tools, or methodologies to enhance CrowdStrike red teaming capabilities
- Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
Your key responsibilities:
- Perform penetration testing which includes internet, intranet, wireless, web application, social engineering and physical penetration testing.
- Execute adversary emulation attacks to highlight gaps impacting organizations security postures.
- Ability to work both independently as well as lead a team of technical testers on penetration testing and red team engagements.
- Provide technical leadership and advise to junior team members on attack and penetration test engagements.
- Identify and exploit security vulnerabilities in a wide array of systems in a variety of situations.
- Perform in-depth analysis of penetration testing results and create report that describes findings, exploitation procedures, risks and recommendations.
- Execute penetration testing projects using the established methodology, tools and rules of engagements.
- Convey complex technical security concepts to technical and non-technical audiences including executives.
What You'll Need
- A minimum of 3 years of work experience in penetration testing which includes internet, intranet, web application penetration tests, wireless, social engineering, and Red Team assessments.
- Experience with manual attack and penetration testing.
- Experience with scripting / programming skills (e.g., Python, PowerShell, Java, Perl etc).
- Updated and familiarized with the latest exploits and security trends.
- Experience to lead a technical team to conduct remote and on-site penetration testing within defined rules of engagement.
- Familiarity to perform network penetration testing in stealth manner.
- Any one of the following certifications: OSCE, OSCP, OSWP, GPEN, GWAPT, OSCE, OSEE, GXPN.
- A driver’s license valid in the U.S
- Willingness and ability to travel domestically and internationally to meet client needs.
- Estimated travel required up to 25%.
Ideally, you’ll also have:
- Knowledge of Windows, Linux, Unix, any other major operating systems.
- Deep understanding of TCP/IP network protocols.
- Deep understanding and experience with various Active Directory attack techniques.
- Understanding of network security and popular attacks vectors.
- Understanding of web-based application vulnerabilities (OWASP Top 10).
- Understanding of Cobalt Strike, MetaSploit, Empire, Burp
Benefits of Working at CrowdStrike:
- Market leader in compensation + stock options
- Competitive vacation policy
- Comprehensive health benefits + 401k plan (US only)
- Paid paternity and maternity leave, including adoption
- Flexible work hours and remote friendly environment
- Wellness programs
- Stocked fridges, coffee, soda, and lots of treats
- Peer recognition
- Inclusive culture focused on people, customers and innovation
- Regular team activities, including happy hours, community service events
CrowdStrike believes that diversity and inclusion among our organization is essential to our success as a global company, and we seek to attract, retain and empower the industry’s best and brightest from a diverse talent pool.
CrowdStrike is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.